WIN2000 Encrypted Folders & Administrator Profile

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

An MCSE I hired to fix a Registry problem ended up
formatting my drive & reinstalling WIN2000.

However, my "My Documents" folder was encrypted (& stored
on a non-system drive).

I had a complete backup of my system on an external backup
drive & am able to restore the complete file system.

However, my Administrator profile that I was using was
renamed Administrator.XXXXXXXXXXX by a security
enhancement some time ago and now I am unable to recover
that profile as the recently installed Administrator
account is now the default.

I believe that if I can reinstall the previous
Administrator.XXXXXXXXXXX profile, then I should be able
to use the digital security certificate for the encrypted
folder.

Can someone please advise me how this might be possible?

Thanks.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

If you know the password to the old administrator account and have the old profile
you may be able to recover the EFS files. The EFS private keys used are stored in the
profile of the user and Recovery Agent for those files. There is no easy way however
after a reinstall, without exported private keys to import. Microsoft may be able to
help with a paid support call or try one of the EFS recovery programs such as the
one from ElcomSoft which has a free download that will at least tell you if it can
find the keys associated with the files before you spend the $99. The program will
look for the EFS private keys and then you need to enter the password that the user
used for that account. If your computer was a member of a domain, a domain
administrator may be a recovery agent. Efsinfo can be helpful in determining who can
decrypt EFS files --- Steve

http://www.fileboost.net/directory/utilities/encryption/009693_advanced_efs_data_recovery_review.html

"Bevan" <anonymous@discussions.microsoft.com> wrote in message
news:2950601c4653c$3fd67940$a501280a@phx.gbl...
> An MCSE I hired to fix a Registry problem ended up
> formatting my drive & reinstalling WIN2000.
>
> However, my "My Documents" folder was encrypted (& stored
> on a non-system drive).
>
> I had a complete backup of my system on an external backup
> drive & am able to restore the complete file system.
>
> However, my Administrator profile that I was using was
> renamed Administrator.XXXXXXXXXXX by a security
> enhancement some time ago and now I am unable to recover
> that profile as the recently installed Administrator
> account is now the default.
>
> I believe that if I can reinstall the previous
> Administrator.XXXXXXXXXXX profile, then I should be able
> to use the digital security certificate for the encrypted
> folder.
>
> Can someone please advise me how this might be possible?
>
> Thanks.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Steven L Umbach wrote:

> If you know the password to the old administrator account and have the old profile
> you may be able to recover the EFS files. The EFS private keys used are stored in the
> profile of the user and Recovery Agent for those files. There is no easy way however
> after a reinstall, without exported private keys to import. Microsoft may be able to
> help with a paid support call or try one of the EFS recovery programs such as the
> one from ElcomSoft which has a free download that will at least tell you if it can
> find the keys associated with the files before you spend the $99. The program will
> look for the EFS private keys and then you need to enter the password that the user
> used for that account. If your computer was a member of a domain, a domain
> administrator may be a recovery agent. Efsinfo can be helpful in determining who can
> decrypt EFS files --- Steve
>
> http://www.fileboost.net/directory/utilities/encryption/009693_advanced_efs_data_recovery_review.html
Hi

If you have access to the user profile folders for the user that
encrypted the files and if you remember the password for the user
that encrypted the data, you might be able to save the files
without paying for a program or support call.

Take a look at this site for more details:

http://www.beginningtoseethelight.org/efsrecovery/


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Steven & Torgeir,

Many thanks for your invaluable help.

I tried the manual approach & found there were a couple of
pieces missing and so decided to go the Elcomsoft route
which gave me the results I was looking for.

Best Regards,
Bevan

>-----Original Message-----
>Steven L Umbach wrote:
>
>> If you know the password to the old administrator
account and have the old profile
>> you may be able to recover the EFS files. The EFS
private keys used are stored in the
>> profile of the user and Recovery Agent for those files.
There is no easy way however
>> after a reinstall, without exported private keys to
import. Microsoft may be able to
>> help with a paid support call or try one of the EFS
recovery programs such as the
>> one from ElcomSoft which has a free download that will
at least tell you if it can
>> find the keys associated with the files before you
spend the $99. The program will
>> look for the EFS private keys and then you need to
enter the password that the user
>> used for that account. If your computer was a member of
a domain, a domain
>> administrator may be a recovery agent. Efsinfo can be
helpful in determining who can
>> decrypt EFS files --- Steve
>>
>>
http://www.fileboost.net/directory/utilities/encryption/009
693_advanced_efs_data_recovery_review.html
>Hi
>
>If you have access to the user profile folders for the
user that
>encrypted the files and if you remember the password for
the user
>that encrypted the data, you might be able to save the
files
>without paying for a program or support call.
>
>Take a look at this site for more details:
>
>http://www.beginningtoseethelight.org/efsrecovery/
>
>
>--
>torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
>Administration scripting examples and an ONLINE version of
>the 1328 page Scripting Guide:
>http://www.microsoft.com/technet/community/scriptcenter/de
fault.mspx
>.
>